zombie8
September 17th, 2004, 03:28
Hi
I know Shrinker has been discussed at length here, but I still can't resolve an issue concerning it... I was trying to patch a packed program. The approach was as usual: inject patching code in some empty place and make the unpacker jump to this patching code after unpacking the original program but before calling it. Injecting code was easy. This code patches a byte in the unpacked original program. However, when I changed the unpacking code to jump to the patcher and ran the program again, an error message showed up:
Window Title: Shrinker.err
Message Text: ... (3.4) ... Dispatcher initialisation error trapping exceptions
I traced the inserted jump to the patcher, and the problem is the first instruction of the patcher, the one that changes a byte in the unpacked original program. From there the execution line passes to some NTDLL routine. So I thought that the section that holds the unpacked original program might be protected and gave it the "writable" flag in the PE header of the executable, but nothing changed. Anyway, it can't be protected right from the beginning 'cause the unpacker writes to it... Where is the problem? I am quite frustrated; I was just following a tutorial and this error was not meant to happen.
Thanx
zombie